Hikashop

hikashop

5 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-25225 1Hikashop 1Hikashop May 28, 2025 Mar 15, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions.
CVE-2025-22210 1Hikashop 1Hikashop Jun 4, 2025 Feb 25, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area in backend.
CVE-2024-40746 1Hikashop 1Hikashop Mar 19, 2025 Oct 21, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `descri...Show more A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. The `description `parameter is not sanitised in the backend.Show less
CVE-2023-38044 1Hikashop 1Hikashop Nov 21, 2024 Aug 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.
CVE-2015-7344 1Hikashop 1Hikashop Nov 21, 2024 Mar 9, 2020 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption].